Microsoft Windows User32.DLL ANI File Header Handling Stack-Based Buffer Overflow Vulnerability

Microsoft Windows User32.DLL ANI File Header Handling Stack-Based Buffer Overflow Vulnerability

A public proof-of-concept that is designed to trigger this vulnerability was created by Assaf Reshef <assaf404 at yahoo dot com> and is available at the following location:

http://underwar.livedns.co.il/projects/ani/

An additional proof of concept (anieeye.zip) has been made available by Berend-Jan Wever.

An additional proof of concept (HOD-ms05002-ani-expl.c) has been made available by houseofdabus HOD <houseofdabus@inbox.ru>.

An exploit has been made available by WhiskyCoders.

/data/vulnerabilities/exploits/anieeye.zip
/data/vulnerabilities/exploits/HOD-ms05002-ani-expl.c
/data/vulnerabilities/exploits/WC-ms05002-ani-expl-cb.c